JWT Decoder
Decode a JSON Web Token and inspect its header, payload and signature.
Processed 100% in your browser — nothing you enter here is ever uploaded.
Common use cases
Debugging a 401 Unauthorized error
Check whether an access token has already expired by comparing its exp claim against the current time.
Checking which scopes a token grants
Inspect the roles or scope claim embedded in an access token to see exactly what it's authorized to do.
Integrating with a new OAuth provider
Decode a sample token from an identity provider's docs to understand its claim structure before writing code against it.
How to use the JWT Decoder
Paste a JSON Web Token — it should look like three sections separated by dots.
The header and payload are decoded and pretty-printed instantly as you type.
The signature itself is shown but not verified — verifying a signature requires the secret or public key, which this tool never asks for.
Use this to quickly inspect claims like `exp`, `iat`, or `sub` during API debugging.
If the token has an `exp` claim, a status badge shows whether it's already expired or how long until it expires — no manual timestamp math needed.